10.10. Cloud Security

10.10.1. Cloud Environment Automated Testing

• checkov Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew

• CDK Zero Dependency Container Penetration Toolkit

• kube bench

• kube hunter Hunt for security weaknesses in Kubernetes clusters

• KubiScan A tool to scan Kubernetes cluster for risky permissions

• kubescape kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by to NSA and CISA

• peirates Kubernetes Penetration Testing tool

• botb A container analysis and exploitation tool for pentesters and engineers

• datree Prevent Kubernetes misconfigurations from reaching production

10.10.2. Security Hardening

• falco Cloud Native Runtime Security

10.10.3. Cloud scanning

• Cloud Custodian Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources

• cloudquery cloudquery transforms your cloud infrastructure into SQL database for easy monitoring, governance and security

10.10.4. Range environment

• metarget a framework providing automatic constructions of vulnerable infrastructures.